omniauth-oauth2 1.3.1 → 1.7.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 414a1411316ba3f8463a30120106b6a89bb62c50
-  data.tar.gz: 6c2e2383286d4f5ed5e86daf82d74dda2611d716
+SHA256:
+  metadata.gz: '0496e01a0a03c432891358ac0bbe4ed744560f47c88c2cc32a999feafc78e576'
+  data.tar.gz: 6196ba4a1880c328392de4e145434fccf1c4a64fdbc8f87c94ffc2e274bb509b
 SHA512:
-  metadata.gz: b62f9e18f9b832f556de30b1a3f085c26266dbd108c9244d441320960e4e0e6e30fb3e9ffe5addf1adf687cab8999f255c0351e3efb2a2daef1cc21e450c1f1f
-  data.tar.gz: b83fb3b97ef73310a898d204eed6f6501eba58535eb8829129a239f2a349ea0620cb78477697f1a75e3fcf1d600f40763340dcb27be80c12c7aff382949fce16
+  metadata.gz: 5db83ecb687e9fe790f3c76f3c831aac7a6e2e444e97cf532b08629caf27400bbc242e474c50ba07d1d7e1a39dce6468a62e751981069e191483d5f99bd009d8
+  data.tar.gz: 3b66b0a2813184f867646699823b7434a4d7b9ce08594c6eaded5b4b37b965bc6cbae932087fe1bfd446fb126e3245d8b5fe0ec47798ef8f81083f251933d1a9

data/.github/workflows/main.yml

@@ -0,0 +1,49 @@
+name: Ruby
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  test:
+    runs-on: ubuntu-18.04
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu, macos]
+        ruby: [2.5, 2.6, 2.7, head, debug, truffleruby, truffleruby-head]
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+        bundler-cache: true
+    - name: Install dependencies
+      run: bundle install
+    - name: Run tests
+      run: bundle exec rake
+  test-jruby:
+    runs-on: ubuntu-18.04
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu, macos]
+        jruby: [jruby, jruby-head]
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.jruby }}
+        bundler-cache: true
+    - name: Install dependencies
+      env:
+        JRUBY_OPTS: --debug
+      run: bundle install
+    - name: Run tests
+      env:
+        JRUBY_OPTS: --debug
+      run: bundle exec rake

data/.rubocop.yml

@@ -1,10 +1,35 @@
-Metrics/BlockNesting:
-  Max: 2
+AllCops:
+  NewCops: enable
+
+Gemspec/RequiredRubyVersion:
+  Enabled: false
 
-Metrics/LineLength:
+Layout/AccessModifierIndentation:
+  EnforcedStyle: outdent
+
+Layout/LineLength:
   AllowURI: true
   Enabled: false
 
+Layout/SpaceInsideHashLiteralBraces:
+  EnforcedStyle: no_space
+
+Lint/MissingSuper:
+  Enabled: false
+
+Metrics/AbcSize:
+  Max: 18
+
+Metrics/BlockLength:
+  Exclude:
+    - spec/omniauth/strategies/oauth2_spec.rb
+
+Metrics/BlockNesting:
+  Max: 2
+
+Metrics/ClassLength:
+  Max: 110
+
 Metrics/MethodLength:
   CountComments: false
   Max: 10
@@ -13,8 +38,9 @@ Metrics/ParameterLists:
   Max: 4
   CountKeywordArgs: true
 
-Style/AccessModifierIndentation:
-  EnforcedStyle: outdent
+Naming/FileName:
+  Exclude:
+    - lib/omniauth-oauth2.rb
 
 Style/CollectionMethods:
   PreferredMethods:
@@ -29,14 +55,26 @@ Style/Documentation:
 Style/DoubleNegation:
   Enabled: false
 
+Style/ExpandPathArguments:
+  Enabled: false
+
+Style/FrozenStringLiteralComment:
+  Enabled: false
+
 Style/HashSyntax:
   EnforcedStyle: hash_rockets
 
-Style/SpaceInsideHashLiteralBraces:
-  EnforcedStyle: no_space
+Style/StderrPuts:
+  Enabled: false
 
 Style/StringLiterals:
   EnforcedStyle: double_quotes
 
-Style/TrailingComma:
-  EnforcedStyleForMultiline: 'comma'
+Style/TrailingCommaInArguments:
+  EnforcedStyleForMultiline: comma
+
+Style/TrailingCommaInHashLiteral:
+  EnforcedStyleForMultiline: comma
+
+Style/TrailingCommaInArrayLiteral:
+  EnforcedStyleForMultiline: comma

data/.travis.yml

@@ -1,19 +1,19 @@
-before_install: gem install bundler
+bundler_args: --without development
+before_install:
+  - gem update --system
+  - gem update bundler
+cache: bundler
 env:
   global:
     - JRUBY_OPTS="$JRUBY_OPTS --debug"
 language: ruby
 rvm:
-  - 1.8.7
-  - 1.9.3
-  - 2.0.0
-  - 2.1
-  - 2.2
-  - jruby-18mode
-  - jruby-19mode
+  - jruby-9000
+  - 2.4.4
+  - 2.5.3
   - jruby-head
-  - rbx-2
   - ruby-head
+  - truffleruby-head
 matrix:
   allow_failures:
     - rvm: jruby-head

data/Gemfile

@@ -1,17 +1,18 @@
-source "http://rubygems.org"
+source "https://rubygems.org"
 
-gem "rake"
+gem "rake", "~> 12.0"
 
 group :test do
+  gem "addressable", "~> 2.3.8", :platforms => %i[jruby ruby_18]
   gem "coveralls"
-  gem "json", :platforms => [:jruby, :ruby_18, :ruby_19]
-  gem "mime-types", "~> 1.25", :platforms => [:jruby, :ruby_18]
+  gem "json", :platforms => %i[jruby ruby_18 ruby_19]
+  gem "mime-types", "~> 1.25", :platforms => %i[jruby ruby_18]
   gem "rack-test"
-  gem "rest-client", "~> 1.6.0", :platforms => [:jruby, :ruby_18]
+  gem "rest-client", "~> 1.8.0", :platforms => %i[jruby ruby_18]
   gem "rspec", "~> 3.2"
-  gem "rubocop", ">= 0.30", :platforms => [:ruby_19, :ruby_20, :ruby_21, :ruby_22]
+  gem "rubocop", ">= 0.51", :platforms => %i[ruby_19 ruby_20 ruby_21 ruby_22 ruby_23 ruby_24]
   gem "simplecov", ">= 0.9"
-  gem "webmock"
+  gem "webmock", "~> 3.0"
 end
 
 # Specify your gem's dependencies in omniauth-oauth2.gemspec

data/README.md

@@ -1,14 +1,13 @@
 # OmniAuth OAuth2
 
 [![Gem Version](http://img.shields.io/gem/v/omniauth-oauth2.svg)][gem]
-[![Build Status](http://img.shields.io/travis/intridea/omniauth-oauth2.svg)][travis]
-[![Dependency Status](http://img.shields.io/gemnasium/intridea/omniauth-oauth2.svg)][gemnasium]
-[![Code Climate](http://img.shields.io/codeclimate/github/intridea/omniauth-oauth2.svg)][codeclimate]
+[![Build Status](http://img.shields.io/travis/omniauth/omniauth-oauth2.svg)][travis]
+[![Code Climate](http://img.shields.io/codeclimate/maintainability/intridea/omniauth-oauth2.svg)][codeclimate]
 [![Coverage Status](http://img.shields.io/coveralls/intridea/omniauth-oauth2.svg)][coveralls]
+[![Security](https://hakiri.io/github/omniauth/omniauth-oauth2/master.svg)](https://hakiri.io/github/omniauth/omniauth-oauth2/master)
 
 [gem]: https://rubygems.org/gems/omniauth-oauth2
-[travis]: http://travis-ci.org/intridea/omniauth-oauth2
-[gemnasium]: https://gemnasium.com/intridea/omniauth-oauth2
+[travis]: http://travis-ci.org/omniauth/omniauth-oauth2
 [codeclimate]: https://codeclimate.com/github/intridea/omniauth-oauth2
 [coveralls]: https://coveralls.io/r/intridea/omniauth-oauth2
 
@@ -33,6 +32,10 @@ module OmniAuth
       # This is where you pass the options you would pass when
       # initializing your consumer from the OAuth gem.
       option :client_options, {:site => "https://api.somesite.com"}
+      
+      # You may specify that your strategy should use PKCE by setting
+      # the pkce option to true: https://tools.ietf.org/html/rfc7636
+      option :pkce, true
 
       # These are called after authentication has succeeded. If
       # possible, you should try to set the UID without making
@@ -63,5 +66,3 @@ end
 ```
 
 That's pretty much it!
-
-[![Bitdeli Badge](https://d2weczhvl823v0.cloudfront.net/intridea/omniauth-oauth2/trend.png)](https://bitdeli.com/free "Bitdeli Badge")

data/Rakefile

@@ -1,4 +1,5 @@
 #!/usr/bin/env rake
+
 require "bundler/gem_tasks"
 require "rspec/core/rake_task"
 
@@ -15,4 +16,4 @@ rescue LoadError
   end
 end
 
-task :default => [:spec, :rubocop]
+task :default => %i[spec rubocop]

data/lib/omniauth-oauth2.rb

@@ -1,2 +1,2 @@
-require "omniauth-oauth2/version" # rubocop:disable FileName
+require "omniauth-oauth2/version"
 require "omniauth/strategies/oauth2"

data/lib/omniauth-oauth2/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module OAuth2
-    VERSION = "1.3.1"
+    VERSION = "1.7.1".freeze
   end
 end

data/lib/omniauth/strategies/oauth2.rb

@@ -18,17 +18,28 @@ module OmniAuth
         OmniAuth::Strategy.included(subclass)
       end
 
-      args [:client_id, :client_secret]
+      args %i[client_id client_secret]
 
       option :client_id, nil
       option :client_secret, nil
       option :client_options, {}
       option :authorize_params, {}
-      option :authorize_options, [:scope]
+      option :authorize_options, %i[scope state]
       option :token_params, {}
       option :token_options, []
       option :auth_token_params, {}
       option :provider_ignores_state, false
+      option :pkce, false
+      option :pkce_verifier, nil
+      option :pkce_options, {
+        :code_challenge => proc { |verifier|
+          Base64.urlsafe_encode64(
+            Digest::SHA2.digest(verifier),
+            :padding => false,
+          )
+        },
+        :code_challenge_method => "S256",
+      }
 
       attr_accessor :access_token
 
@@ -36,15 +47,11 @@ module OmniAuth
         ::OAuth2::Client.new(options.client_id, options.client_secret, deep_symbolize(options.client_options))
       end
 
-      def callback_url
-        full_host + script_name + callback_path
-      end
-
       credentials do
         hash = {"token" => access_token.token}
-        hash.merge!("refresh_token" => access_token.refresh_token) if access_token.expires? && access_token.refresh_token
-        hash.merge!("expires_at" => access_token.expires_at) if access_token.expires?
-        hash.merge!("expires" => access_token.expires?)
+        hash["refresh_token"] = access_token.refresh_token if access_token.expires? && access_token.refresh_token
+        hash["expires_at"] = access_token.expires_at if access_token.expires?
+        hash["expires"] = access_token.expires?
         hash
       end
 
@@ -52,22 +59,29 @@ module OmniAuth
         redirect client.auth_code.authorize_url({:redirect_uri => callback_url}.merge(authorize_params))
       end
 
-      def authorize_params
+      def authorize_params # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
         options.authorize_params[:state] = SecureRandom.hex(24)
-        params = options.authorize_params.merge(options_for("authorize"))
+
         if OmniAuth.config.test_mode
           @env ||= {}
           @env["rack.session"] ||= {}
         end
+
+        params = options.authorize_params
+                        .merge(options_for("authorize"))
+                        .merge(pkce_authorize_params)
+
+        session["omniauth.pkce.verifier"] = options.pkce_verifier if options.pkce
         session["omniauth.state"] = params[:state]
+
         params
       end
 
       def token_params
-        options.token_params.merge(options_for("token"))
+        options.token_params.merge(options_for("token")).merge(pkce_token_params)
       end
 
-      def callback_phase # rubocop:disable AbcSize, CyclomaticComplexity, MethodLength, PerceivedComplexity
+      def callback_phase # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
         error = request.params["error_reason"] || request.params["error"]
         if error
           fail!(error, CallbackError.new(request.params["error"], request.params["error_description"] || request.params["error_reason"], request.params["error_uri"]))
@@ -88,23 +102,44 @@ module OmniAuth
 
     protected
 
+      def pkce_authorize_params
+        return {} unless options.pkce
+
+        options.pkce_verifier = SecureRandom.hex(64)
+
+        # NOTE: see https://tools.ietf.org/html/rfc7636#appendix-A
+        {
+          :code_challenge => options.pkce_options[:code_challenge]
+                                    .call(options.pkce_verifier),
+          :code_challenge_method => options.pkce_options[:code_challenge_method],
+        }
+      end
+
+      def pkce_token_params
+        return {} unless options.pkce
+
+        {:code_verifier => session.delete("omniauth.pkce.verifier")}
+      end
+
       def build_access_token
         verifier = request.params["code"]
         client.auth_code.get_token(verifier, {:redirect_uri => callback_url}.merge(token_params.to_hash(:symbolize_keys => true)), deep_symbolize(options.auth_token_params))
       end
 
       def deep_symbolize(options)
-        hash = {}
-        options.each do |key, value|
+        options.each_with_object({}) do |(key, value), hash|
           hash[key.to_sym] = value.is_a?(Hash) ? deep_symbolize(value) : value
         end
-        hash
       end
 
       def options_for(option)
         hash = {}
         options.send(:"#{option}_options").select { |key| options[key] }.each do |key|
-          hash[key.to_sym] = options[key]
+          hash[key.to_sym] = if options[key].respond_to?(:call)
+                               options[key].call(env)
+                             else
+                               options[key]
+                             end
         end
         hash
       end

data/omniauth-oauth2.gemspec

@@ -3,22 +3,22 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require "omniauth-oauth2/version"
 
 Gem::Specification.new do |gem|
-  gem.add_dependency "oauth2",     "~> 1.0"
-  gem.add_dependency "omniauth",   "~> 1.2"
+  gem.add_dependency "oauth2",     "~> 1.4"
+  gem.add_dependency "omniauth",   [">= 1.9", "< 3"]
 
-  gem.add_development_dependency "bundler", "~> 1.0"
+  gem.add_development_dependency "bundler", "~> 2.0"
 
-  gem.authors       = ["Michael Bleigh", "Erik Michaels-Ober"]
-  gem.email         = ["michael@intridea.com", "sferik@gmail.com"]
+  gem.authors       = ["Michael Bleigh", "Erik Michaels-Ober", "Tom Milewski"]
+  gem.email         = ["michael@intridea.com", "sferik@gmail.com", "tmilewski@gmail.com"]
   gem.description   = "An abstract OAuth2 strategy for OmniAuth."
   gem.summary       = gem.description
-  gem.homepage      = "https://github.com/intridea/omniauth-oauth2"
-  gem.licenses      = %w(MIT)
+  gem.homepage      = "https://github.com/omniauth/omniauth-oauth2"
+  gem.licenses      = %w[MIT]
 
   gem.executables   = `git ls-files -- bin/*`.split("\n").collect { |f| File.basename(f) }
   gem.files         = `git ls-files`.split("\n")
   gem.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
   gem.name          = "omniauth-oauth2"
-  gem.require_paths = %w(lib)
+  gem.require_paths = %w[lib]
   gem.version       = OmniAuth::OAuth2::VERSION
 end

data/spec/omniauth/strategies/oauth2_spec.rb

@@ -49,9 +49,10 @@ describe OmniAuth::Strategies::OAuth2 do
     end
 
     it "includes top-level options that are marked as :authorize_options" do
-      instance = subject.new("abc", "def", :authorize_options => [:scope, :foo, :state], :scope => "bar", :foo => "baz")
+      instance = subject.new("abc", "def", :authorize_options => %i[scope foo state], :scope => "bar", :foo => "baz")
       expect(instance.authorize_params["scope"]).to eq("bar")
       expect(instance.authorize_params["foo"]).to eq("baz")
+      expect(instance.authorize_params["state"]).not_to be_empty
     end
 
     it "includes random state in the authorize params" do
@@ -59,6 +60,19 @@ describe OmniAuth::Strategies::OAuth2 do
       expect(instance.authorize_params.keys).to eq(["state"])
       expect(instance.session["omniauth.state"]).not_to be_empty
     end
+
+    it "includes custom state in the authorize params" do
+      instance = subject.new("abc", "def", :state => proc { "qux" })
+      expect(instance.authorize_params.keys).to eq(["state"])
+      expect(instance.session["omniauth.state"]).to eq("qux")
+    end
+
+    it "includes PKCE parameters if enabled" do
+      instance = subject.new("abc", "def", :pkce => true)
+      expect(instance.authorize_params[:code_challenge]).to be_a(String)
+      expect(instance.authorize_params[:code_challenge_method]).to eq("S256")
+      expect(instance.session["omniauth.pkce.verifier"]).to be_a(String)
+    end
   end
 
   describe "#token_params" do
@@ -70,9 +84,16 @@ describe OmniAuth::Strategies::OAuth2 do
     end
 
     it "includes top-level options that are marked as :authorize_options" do
-      instance = subject.new("abc", "def", :token_options => [:scope, :foo], :scope => "bar", :foo => "baz")
+      instance = subject.new("abc", "def", :token_options => %i[scope foo], :scope => "bar", :foo => "baz")
       expect(instance.token_params).to eq("scope" => "bar", "foo" => "baz")
     end
+
+    it "includes the PKCE code_verifier if enabled" do
+      instance = subject.new("abc", "def", :pkce => true)
+      # setup session
+      instance.authorize_params
+      expect(instance.token_params[:code_verifier]).to be_a(String)
+    end
   end
 
   describe "#callback_phase" do

metadata

@@ -1,15 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-oauth2
 version: !ruby/object:Gem::Version
-  version: 1.3.1
+  version: 1.7.1
 platform: ruby
 authors:
 - Michael Bleigh
 - Erik Michaels-Ober
+- Tom Milewski
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-06-22 00:00:00.000000000 Z
+date: 2021-01-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: oauth2
@@ -17,50 +18,58 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1.4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1.4'
 - !ruby/object:Gem::Dependency
   name: omniauth
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.9'
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.9'
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '3'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '2.0'
 description: An abstract OAuth2 strategy for OmniAuth.
 email:
 - michael@intridea.com
 - sferik@gmail.com
+- tmilewski@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/main.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
@@ -75,7 +84,7 @@ files:
 - omniauth-oauth2.gemspec
 - spec/helper.rb
 - spec/omniauth/strategies/oauth2_spec.rb
-homepage: https://github.com/intridea/omniauth-oauth2
+homepage: https://github.com/omniauth/omniauth-oauth2
 licenses:
 - MIT
 metadata: {}
@@ -94,8 +103,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.4.8
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: An abstract OAuth2 strategy for OmniAuth.